|
Replies:
15
-
Pages:
2
[
1
2
| Next
]
-
Last Post:
Nov 12, 2009 11:06 AM
by: seaJhawk
|
|
|
Posts:
28
Registered:
9/29/08
|
|
|
|
Checking Disabled User's Memberships
Posted:
Nov 9, 2009 1:15 PM
|
|
|
I have worked through a script that gives me all disabled users minus some service accounts I do not need to account for.
In order to expose all of the entries for Memberof &NestedMemberof What variables do i need to insert, and where in thescript should they be inserted.
I got so far then got lost not even sure if this is doable?
To keep it simpler we can focus on the Memberof to get the idea of how to move forward.
See Script & Exported output below
Script
function func_Disabled_Users()
{
#region Get the current PowerPack configuration.
$configuration = Get-ActiveDirectoryPowerPackConfiguration
#endregion
#region Connect if we're not already connected.
$configuration.Connect()
#endregion
#region Set the data object on the current node.
Set-PowerGUINodeData -AssociatedObject @{'Connection'=$configuration.Connection}
#endregion
#region Retrieve the disabled users.
Get-QADUser -Disabled -PageSize $configuration.DefaultPageSize -SizeLimit $configuration.DefaultSizeLimit -Connection $configuration.Connection -ErrorAction SilentlyContinue `
| Add-Member -MemberType NoteProperty -Name Connection -Value $configuration.Connection -Force -PassThru
#endregion
}
func_Disabled_Users | where {'choice.internal/Internal Users/Admin + Service Accounts No TS profiles','choice.internal/Internal Users/Resources','choice.internal/Microsoft Exchange System Objects','choice.internal/Users','choice.internal/Users/Configuration','choice.internal/Users/Network Associates'-notcontains $_.ParentContainer}| Select-Object -property 'Name', 'ParentContainer', 'Email', 'MemberOf', 'NestedMemberOf' | Sort-Object -property 'ParentContainer' | Export-Csv -NoTypeInformation c:\disabled.csv
Exported Out (CSV)
See Attached Pic
Thx
Tom
Message was edited by: FuserKill
Message was edited by: FuserKill
|
|
|
Posts:
28
Registered:
9/29/08
|
|
|
|
Re: Checking Disabled User's Memberships
Posted:
Nov 9, 2009 1:28 PM
in response to: FuserKill
|
|
|
|
|
Output Export to CSV
|
|
|
Posts:
414
Registered:
12/15/08
|
|
|
|
Re: Checking Disabled User's Memberships
Posted:
Nov 9, 2009 3:18 PM
in response to: FuserKill
|
|
|
Hi Tom,
Good news and bad news. The good news is that your problem is definitely solveable. Bad news is that to do it easily you need PowerShell v2.
Just change the end of your function to this:
#region Retrieve the disabled users.
Get-QADUser -Disabled -PageSize $configuration.DefaultPageSize -SizeLimit $configuration.DefaultSizeLimit -Connection $configuration.Connection -ErrorAction SilentlyContinue `
| Add-Member -MemberType NoteProperty -Name Connection -Value $configuration.Connection -Force -PassThru `
| Add-Member -MemberType ScriptProperty -name MemberOfEx -value {$this | select -ExpandProperty memberOf} -Force -PassThru `
| Add-Member -MemberType ScriptProperty -name NestedMemberOfEx -value {$this | select -ExpandProperty nestedMemberOf} -Force -PassThru
-Chris
|
|
|
Posts:
28
Registered:
9/29/08
|
|
|
|
Re: Checking Disabled User's Memberships
Posted:
Nov 10, 2009 11:29 AM
in response to: seaJhawk
|
|
|
Chris,
I moved my script to a Win7 machine which has the latest PowerGui and what I believe is PowerShell v2 installed (I think Win 7 has it by default?)
Either I am executing the script wrong or something is missing here are my results.
When I Run the changed script from PowerGui I get no errors it runs clean but the results in the csv file are the same.
When I open up powershell and try to run the code I get the following errors.
Script
PS U:\> function func_Disabled_Users()
>> {
>> #region Get the current PowerPack configuration.
>> $configuration = Get-ActiveDirectoryPowerPackConfiguration
>> #endregion
>>
>> #region Connect if we're not already connected.
>> $configuration.Connect()
>> #endregion
>>
>> #region Set the data object on the current node.
>> Set-PowerGUINodeData -AssociatedObject @{'Connection'=$configuration.Connection}
>> #endregion
>>
>> #region Retrieve the disabled users.
>> Get-QADUser -Disabled -PageSize $configuration.DefaultPageSize -SizeLimit $configuration.DefaultSizeLimit -Connecti
on $configuration.Connection -ErrorAction SilentlyContinue `
>> | Add-Member -MemberType NoteProperty -Name Connection -Value $configuration.Connection -Force -PassThru `
>> | Add-Member -MemberType ScriptProperty -name MemberOfEx -value {$this | select -ExpandProperty memberOf} -Forc
e -PassThru `
>> | Add-Member -MemberType ScriptProperty -name NestedMemberOfEx -value {$this | select -ExpandProperty nestedMem
berOf} -Force -PassThru
>> #endregion
>> }
>>
PS U:\> func_Disabled_Users | where {'choice.internal/Internal Users/Admin + Service Accounts No TS profiles','choice.
internal/Internal Users/Resources','choice.internal/Microsoft Exchange System Objects','choice.internal/Users','choice.i
nternal/Users/Configuration','choice.internal/Users/Network Associates'-notcontains $_.ParentContainer}| Select-Object -
property 'Name', 'ParentContainer', 'Email', 'MemberOf', 'NestedMemberOf' | Sort-Object -property 'ParentContainer' | Ex
port-Csv c:\ExportDrop\disabled.csv -NoTypeInformation
Error
The term 'Get-ActiveDirectoryPowerPackConfiguration' is not recognized as the name of a cmdlet, function, script file,
or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At line:4 char:59
+ $configuration = Get-ActiveDirectoryPowerPackConfiguration <<<<
+ CategoryInfo : ObjectNotFound: (Get-ActiveDirec...ckConfiguration:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException You cannot call a method on a null-valued expression.
At line:7 char:23
+ $configuration.Connect <<<< ()
+ CategoryInfo : InvalidOperation: (Connect:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull The term 'Set-PowerGUINodeData' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:10 char:21
+ Set-PowerGUINodeData <<<< -AssociatedObject @{'Connection'=$configuration.Connection}
+ CategoryInfo : ObjectNotFound: (Set-PowerGUINodeData:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException The term 'Get-QADUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:13 char:14
+ Get-QADUser <<<< -Disabled -PageSize $configuration.DefaultPageSize -SizeLimit $configuration.DefaultSizeLimit -Co
nnection $configuration.Connection -ErrorAction SilentlyContinue `
+ CategoryInfo : ObjectNotFound: (Get-QADUser:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Thx again
Tom
|
|
|
Posts:
414
Registered:
12/15/08
|
|
|
|
Re: Checking Disabled User's Memberships
Posted:
Nov 10, 2009 11:44 AM
in response to: FuserKill
|
 |
Helpful |
|
|
Because we don't have interactive debugging in PowerGUI Admin (hint, hint, Darrin) to test the script you will need to either remove the dependency on the functions that are part of the powerpack or copy those functions into your script temporarily while testing in PowerGUI Editor.
These are the functions you need to grab from the PowerPack:
Get-ActiveDirectoryPowerPackConfiguration
Set-PowerGUINodeData
Alternatively, you can remove the need for those functions during testing by changing your script to the following. I just removed all references to the $configuration object
Get-QADUser -Disabled -ErrorAction SilentlyContinue ` | Add-Member -MemberType ScriptProperty -name MemberOfEx -value {$this | select -ExpandProperty memberOf} -Force -PassThru ` | Add-Member -MemberType ScriptProperty -name NestedMemberOfEx -value {$this | select -ExpandProperty nestedMemberOf} -Force -PassThru ` #| Add-Member -MemberType NoteProperty -Name Connection -Value $configuration.Connection -Force -PassThru
|
|
|
Posts:
663
Registered:
6/30/06
|
|
|
|
Re: Checking Disabled User's Memberships
Posted:
Nov 10, 2009 3:22 PM
in response to: seaJhawk
|
|
|
I got the hint...
|
|
|
Posts:
28
Registered:
9/29/08
|
|
|
|
Re: Checking Disabled User's Memberships
Posted:
Nov 11, 2009 7:30 AM
in response to: seaJhawk
|
|
|
Well it appears that I can't use any AD cmdlets in PowerShell 2 with ut an 2008R2 Domain controller Server so this may have to wait awhile before I can verify this.
|
|
|
Posts:
414
Registered:
12/15/08
|
|
|
|
Re: Checking Disabled User's Memberships
Posted:
Nov 11, 2009 7:39 AM
in response to: FuserKill
|
|
|
Why do you say that?
I'm using PowerShell v2 with the Quest AD cmdlets against a 2003 domain. Everything is working great.
-Chris
|
|
|
Posts:
28
Registered:
9/29/08
|
|
|
|
Re: Checking Disabled User's Memberships
Posted:
Nov 11, 2009 9:57 AM
in response to: seaJhawk
|
|
|
I tried running your last script it complained about not being able to perform a Get-QADuser, when I looked it up that is what I found . Guess that is wrong. How do I load the proper cmdlets into PShell 2 to accomplish my goal. I have used PowerGui far more than actual PowerShell so not as familiar on how to manipulate it.
Thx
Tom
|
|
|
Posts:
414
Registered:
12/15/08
|
|
|
|
Re: Checking Disabled User's Memberships
Posted:
Nov 11, 2009 10:02 AM
in response to: FuserKill
|
|
Helpful |
|
|
Ahh...
just do this:
Add-PSSnapin quest*
(you can type out the full name of the snapin if you want, but that gets old pretty much immediately.)
If you want to see all of the snapins you have available do this:
get-PSSnapin -Registered
-Chris
|
|
|
Posts:
28
Registered:
9/29/08
|
|
|
|
Re: Checking Disabled User's Memberships
Posted:
Nov 11, 2009 1:54 PM
in response to: seaJhawk
|
|
|
Ok Chris,
One step closer I was able to add the quest snapins without issue and ran the following script based on our string.
Get-QADUser -Disabled -ErrorAction SilentlyContinue | Add-Member -MemberType ScriptProperty -name MemberOfEx -value {$this | select -ExpandProperty memberOf} -Force -PassThru | Add-Member -MemberType ScriptProperty -name NestedMemberOfEx -value {$this | select -ExpandProperty nestedMemberOf} -Force -PassThru | export-csv c:\exportdrop\test.csv�
I am still getting this type of output.
MemberOf NestedMemberOf
System.String[] System.String[]
Do I need to append something else into this to get the desired output.
Thx
Tom
|
|
|
Posts:
414
Registered:
12/15/08
|
|
|
|
Re: Checking Disabled User's Memberships
Posted:
Nov 12, 2009 8:30 AM
in response to: FuserKill
|
|
|
Not sure what I was thinking...
Try this one:
Get-QADUser -Disabled -ErrorAction SilentlyContinue | Add-Member -MemberType ScriptProperty -name MemberOfEx -value {[string]::join("`n",$this.memberOf)} -Force -PassThru | Add-Member -MemberType ScriptProperty -name NestedMemberOfEx -value {[string]::join("`n",$this.nestedMemberOf)} -Force -PassThru | export-csv c:\exportdrop\test.csv
|
|
|
Posts:
28
Registered:
9/29/08
|
|
|
|
Re: Checking Disabled User's Memberships
Posted:
Nov 12, 2009 8:50 AM
in response to: seaJhawk
|
|
|
Same results not showing Values when exported to csv.
|
|
|
Posts:
414
Registered:
12/15/08
|
|
|
|
Re: Checking Disabled User's Memberships
Posted:
Nov 12, 2009 10:07 AM
in response to: FuserKill
|
 |
Answered |
|
|
|
|
Weird - when I run it using just my account and then open the resulting file in Excel I see all of my groups like in the attached image (intentionally blurry) that shows the MemberOfEx column selected.
-Chris
|
|
|
Posts:
28
Registered:
9/29/08
|
|
|
|
Re: Checking Disabled User's Memberships
Posted:
Nov 12, 2009 10:42 AM
in response to: seaJhawk
|
|
|
My Bad Chris My eyes are getting crossed looking at this stuff lol...I was still looking at MemberOf & NestedMemberOf.
I am seeing the Completed ouput when looking at MemberOfEx.
Thank you for your time on this....
Regards,
Tom
PS: This actually works in PowerGui as well, without going to the PowerShell V2.
My final version of your script Filters out the items from the ParentContainers I don't need to see(%pc% for given parent containers) and Displays the only Attributes I need for my report('Name', 'ParentContainer', 'Email','MemberOfEx') This works out very nicely Thanks again Chris.
Get-QADUser -Disabled -ErrorAction SilentlyContinue | Add-Member -MemberType ScriptProperty -name MemberOfEx -value {[string]::join("`n",$this.memberOf)} -Force -PassThru | Add-Member -MemberType ScriptProperty -name NestedMemberOfEx -value {[string]::join("`n",$this.nestedMemberOf)} -Force -PassThru | where {'%pc%',"%pc1%' -notcontains $_.ParentContainer} | Select-Object -property 'Name', 'ParentContainer', 'Email','MemberOfEx' | Sort-Object -property 'ParentContainer' | Export-Csv c:\ExportDrop\disabled.csv -NoTypeInformation
Message was edited by: FuserKill
|
|
|
|
Legend
|
|
MVP: 2501
+
pts
|
|
Guru: 2001
- 2500
pts
|
|
Expert: 751
- 2000
pts
|
|
Enthusiast: 31
- 750
pts
|
|
Novice: 0
- 30
pts
|
|
Moderators
|
|
|
Helpful answer
(5 pts)
|
|
Answered
(10 pts)
|
|
